How to determine SSL cert expire date from the cert file itself(.p12)

Question

If I have the actual file(.p12) and a Bash shell in Mac, how can I extract certificate and key file and also the certificate expiration date? assuming I have the csr(.p12), key files.

Answer 1

Extract the client certificate from the pkcs12 file and print its end date:

openssl pkcs12 -in certificate.p12 -clcerts -nodes | openssl x509 -noout -enddate

If you do not include the -clcerts option you may get the end date from a CA certificate instead of from your own certificate. Several CA certificates are usually included within the file as part of the chain of trust.

Answer 2

Here's how you do it on Windows:

certutil -dump "file.pfx"

P.S. I know the question specifically mentions Mac, this is just in case Google sends you here (like it sent me).

Answer 3

You can make the first answer a one-liner without using the intermediate file:

openssl pkcs12 -in certificate.p12 -nodes | openssl x509 -noout -enddate

Answer 4

You can use openssl to extract the certificate from the .p12 file to a .pem file using the following command:

openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes

Then, you can extract the expiration date from the certificate in the .pem file using the following command:

cat certificate.pem | openssl x509 -noout -enddate